Apple Bops Beeper, but iMessage Android Whac-A-Mole Ensues
2023-12-13 02:27:50 Author: securityboulevard.com(查看原文) 阅读量:4 收藏

Apple CEO Tim Cook as Emperor Palpatine, with superimposed text: “Only now—at the end—do you understand”Beeper’s reverse engineered iMessage integration, once killed by Tim’s crew, rises phœnix like.

Apple’s excuse for preventing Beeper Mini from connecting Android users to their iFriends made no sense: The unauthorized app improved everyone’s security and privacy.

But here comes a new build. In today’s SB Blogwatch, we’re afraid the deflector shield will be quite operational when the new Beeper arrives.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Posy’s diff.

A New Hope

Hello there. Sarah Perez reports—“Beeper Mini is back”:

Security and privacy
Beeper Mini, the app bringing blue bubble iMessage texts to Android users, is back in operation … after a long weekend that saw Apple putting an end to Beeper’s services, claiming it was a security risk. Now, the startup behind the new app says it has resumed functioning, but hasn’t disclosed how.

Founded by former Pebble smartwatch founder Eric Migicovsky … upon the discovery of new technology that allowed it to reverse-engineer the iMessage protocol, [Beeper] set out to build a new app … focused on bringing iMessage chats to Android users. … That included support for high-quality photos and videos, tapback reactions, typing indicators, read receipts and more.

Only days after launching, Apple on Friday night took action … having found a way to stop Beeper Mini’s messages from being passed from Android phones to its servers. The Cupertino tech giant explained [Beeper] “posed significant risks to user security and privacy.” … Apple has not yet gotten in touch directly with Beeper. … It’s unclear at this time if, how, or when it will be able to disable Beeper’s updated build.

It’s a trap! Mike Masnick calls the takedown—“Nonsensical”:

A very stupid self-own
Apple has spent the past few years pushing the marketing message that it alone … is dedicated to your privacy. This has always been something of an exaggeration. … But its actions over the past few days call all of that into question, and suggest that Apple’s commitment to privacy is much more a commitment to walled gardens and Apple’s bottom line.

By not allowing Android users to actually use iMessage itself, it was making communications less secure. [Instead] Apple has generally made snarky “just buy an iPhone” comments when asked about its unwillingness to interoperate securely. … Apple’s PR strategy is often to just stay silent, but it actually did … put out a PR statement that is simply utter nonsense.

Almost everything here is wrong. Literally, Beeper Mini’s interoperable setup better protected the privacy of Apple’s customers than Apple itself did. … It effectively piggybacked onto Apple’s end-to-end encryption system … protecting both … iOS users and Android users. … For Apple to do this just as policymakers are looking … to ensure openness and interoperability seems like a very stupid self-own.

I have a bad feeling about this. John Gruber dares to pun it—“Beeper? I Hardly Knew Her”:

It was untenable
A lot of people — including me — wish Apple would release an iMessage client for Android. … Eddy Cue himself pushed for Apple to release an iMessage client for Android, back in 2013. … But that’s Apple’s decision to make, and they obviously decided against it.

It was untenable perception-wise for Apple to allow unauthorized client software on a messaging platform heralded first and foremost for its privacy and security. … Again, I wish Apple would release an iMessage client for Android (but what I really wish is that they’d done so a decade ago). … But I don’t buy the argument that Apple is under any sort of ethical obligation to do so.

Why hasn’t Apple done this itself? Quinn “SnazzyLabs” Nelson finds your lack of faith disturbing:

Apple execs talked over 10 years ago about bringing iMessage to competing platforms, but many feel Apple avoided it for fear of losing customers to Android. If Apple did feel that way, it was irrational and stupid—it was then and it continues to be—because iOS has oodles of amazing features worth staying for. And if iMessage really is the only thing keeping users on this side of the aisle, [then] Apple’s screwed.

This isn’t just a way to bring blue bubbles to broke-boy Android users—it’s a way to improve the messaging experience and security for Apple’s own users. Apple has intentionally made messaging Android users a horrible, insecure experience.

Can Apple cut it off legally, though? seanp2k2 has the high ground:

They run the infrastructure for iMessage. I’m sure there’s something in a ToS somewhere that talks about spoofing device IDs and unauthorized use of their services blah blah Apple’s sole discretion.

All Apple needs to do is send a few scary C&D letters from their army of lawyers and this will be done. … It’ll be dead soon as Apple has too much to gain from the walled garden they’ve spent decades and billions building and defending.

There’s no such thing as luck. kqs agrees:

There are multiple ways Apple can shut this down. And they will. Which is a shame. … That’s Apple’s right, of course, [but] by making sure that when their customers communicate with non-Apple folks, the messages are insecure and non-private.

Apple has the choice of either allowing secure and private communication, or making more money. Apple has constantly chosen more money. … I’m tired of people claiming that Apple prioritizes privacy and security, when Apple has constantly demonstrated the opposite.

That’s no moon. AlastorKatriona is having none of it:

What could possibly be this company’s end game? A bunch of negative attention to magically equal profit? Who would do business with a company that is knowingly trying to use exploits to create features that they know full well will be shut down within days?

Never tell me the odds. GodFather wishes you’d exit his grassed area:

I’m getting Trillian vs. AIM/Yahoo vibes with this. Those were the heyday of the “reverse engineer a protocol, get blocked, figured out a workaround, rinse & repeat” cat & mouse game.

Meanwhile, berto1014 says we’re doomed:

What’s funny about this whole deal is that Apple has always claimed iMessage as “secure,” yet a 16 y/o hacked into it. … It means iMessage was never secure, and undoubtedly has been exploited (probably by governments, etc.)

And Finally:

A fascinating way to look at the world

Hat tip: Tom Scott, who says it’s “almost meditative.”

Previously in And Finally


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi, @richij or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.

Image sauce: European Commission—photographer: Christophe Licoppe (EC decision 2011/833/EU; leveled and cropped)

Recent Articles By Author


文章来源: https://securityboulevard.com/2023/12/beeper-imessage-android-apple-richixbw/
如有侵权请联系:admin#unsafe.sh